Use the Keys Pre-Distribution KDP-scheme for Mandatory Access Control Implementation

Mandatory access control (MAC) mechanisms control which users or processes have access to which resources in a system. MAC policies are increasingly specified to facilitate managing and maintaining access control. However, the correct specification of the policies is a very challenging problem. To formally and precisely capture the security properties that MAC should adhere to, MAC models are usually written to bridge the rather wide gap in abstraction between policies and mechanisms. In this paper, we propose a general approach for property verification for MAC models. The approach defines a standardized structure for MAC models, providing for both property verification and automated generation of test cases. The approach expresses MAC models in the specification language of a model checker and expresses generic access control properties in the property language. Then the approach uses the model checker to verify the integrity, coverage, and confinement of these properties for the MAC models and finally generates test cases via combinatorial covering array for the system implementations of the models.

Download Full-text

An Approach to Verify Correctness of the Mandatory Access Control Framework

Lecture Notes in Electrical Engineering - Unifying Electrical Engineering and Electronics Engineering ◽

10.1007/978-1-4614-4981-2_241 ◽

2013 ◽

pp. 2201-2208 ◽

Cited By ~ 1

Author(s):

Xiaokun Zhang ◽

Ri Xu ◽

Yan Zhang ◽

Geng Zhao

Keyword(s):

Access Control ◽

Mandatory Access Control ◽

Control Framework

Download Full-text

Mandatory access control scheme based on security label for state power control system

Network Security and Communication Engineering ◽

10.1201/b18660-9 ◽

2015 ◽

pp. 41-46

Keyword(s):

Control System ◽

Access Control ◽

Power Control ◽

State Power ◽

Mandatory Access Control ◽

Control Scheme ◽

Power Control System ◽

Security Label

Download Full-text

An Extended Mandatory Access Control Model for XML

Advances in Computer Science – ASIAN 2005. Data Management on the Web - Lecture Notes in Computer Science ◽

10.1007/11596370_37 ◽

2005 ◽

pp. 280-281

Author(s):

Dong-Zhan Zhang ◽

Yong-Sheng Xue

Keyword(s):

Access Control ◽

Control Model ◽

Access Control Model ◽

Mandatory Access Control

Download Full-text

Enterprise Access Control Policy Engineering Framework

Handbook of Research on Information Security and Assurance ◽

10.4018/978-1-59904-855-0.ch028 ◽

2009 ◽

pp. 331-340

Author(s):

Arjmand Samuel

Keyword(s):

Access Control ◽

Control Policy ◽

Control Mechanisms ◽

Access Control Policy ◽

Access Control Models ◽

Engineering Activity ◽

The Subject ◽

Test Suite Generation ◽

Depth View ◽

Control Implementation

This chapter outlines the overall access control policy engineering framework in general and discusses the subject of validation of access control mechanisms in particular. Requirements of an access control policy language are introduced and their underlying organizational philosophy is discussed. Next, a number of access control models are discussed and a brief outline of various policy verification approaches is presented. A methodology for validation of access control implementations is presented along with two approaches for test suite generation, that is, complete FSM based and heuristics based. This chapter is aimed at providing an overview of the access control policy engineering activity and in-depth view of one approach to device test cases for an access control implementation mechanism.

Download Full-text